CA Windon wrote:
Dear NANOG-ers,
I work for an information security company that is dependent upon ICMP for network mapping purposes (read: traceroute). On or about August 18, we were told, our upstream provider began blocking ICMP packets at its border in the Chicago NAP in an effort to cut down on the propagation of 'MSBlast'. This has affected our ability to accurately map our customers' networks.
We've been in contact with an engineer in this provider's NOC who is either unable or unwilling to remove this ACL for our block of IPs.
Currently, we've been given two options. (1) Deal with the effect of the ACL until 'MSBlast' traffic subsides, or (2) they are willing to reroute our traffic out of the Chicago NAP to a border router that, they claim, does not have the same ACL. The problem with option 2 is that they would force us to renumber. This is a problem for us, as it would impact our customers as well.
What options can I take to my management that would cause the least impact to the services we provide while not causing undue work for our clients? Also, what other options could I suggest to my upstream provider?
Blocking ICMP in no way slows or prevents the propagation of MSBlaster. ICMP echo requests and responses are, however, a byproduct of the Welchia/Nachi worm and blocking this traffic will prevent the worm's spread. Tell your ISP it need _at most_ block ICMP echoes. If they are blocking ICMP unreachables, which would break your traceroutes, they have broken the Internet Protocol. (Period.) One can even be more specific about blocking ICMP echo requests of a certain, atypical size to stop the Welchia pings while letting other ICMP pass. See the list archives for detailed instruction for how to do this for a variety of router platforms.

--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
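The three filtering scopes discussed in the reply above, modelled as an added example (not part of the original message, and not router configuration): it classifies IPv4/ICMP packets under each policy and checks whether the ICMP errors a traceroute depends on still get through. The policy names, helper functions, addresses and the 92-byte echo size are assumptions made for the illustration; the post does not state the size.

```python
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
PLACEHOLDER_LEN = 92  # constructed value; the post does not give the size

def build_packet(icmp_type, total_len):
    """Build a constructed IPv4+ICMP packet of total_len bytes (no checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    icmp = struct.pack("!BBHI", icmp_type, 0, 0, 0)
    return ip + icmp + b"\xaa" * (total_len - len(ip) - len(icmp))

def verdict(packet, policy, echo_len=PLACEHOLDER_LEN):
    """Return 'drop' or 'pass' for one packet under a named policy."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass"                      # not IPv4: outside these rules
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes
    if packet[9] != 1 or ihl < 20 or len(packet) < ihl + 8:
        return "pass"                      # not a parseable ICMP packet
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp_type = packet[ihl]
    if policy == "all_icmp":               # blanket ICMP block at the border
        return "drop"
    if policy == "echo":                   # echo requests and replies only
        return "drop" if icmp_type in (ECHO_REQUEST, ECHO_REPLY) else "pass"
    if policy == "echo_size":              # echo requests of one exact size
        hit = icmp_type == ECHO_REQUEST and total_len == echo_len
        return "drop" if hit else "pass"
    raise ValueError(f"unknown policy: {policy}")

def traceroute_replies_pass(policy):
    """True if the ICMP errors a traceroute depends on survive the policy."""
    replies = [build_packet(TIME_EXCEEDED, 56), build_packet(DEST_UNREACH, 56)]
    return all(verdict(p, policy) == "pass" for p in replies)

if __name__ == "__main__":
    for policy in ("all_icmp", "echo", "echo_size"):
        print(policy, "traceroute replies pass:", traceroute_replies_pass(policy))
```

Only the size-specific policy leaves ordinary pings (a different total length) untouched while still dropping the matching echo requests.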